Should I version control rel/config.exs


I’m new in the forum, relatively new to elixir, and completely new to distillery and OTP releases, so sorry if I’m missing an obvious answer for this.

Using distillery I ran mix release.init to generate rel/config.exs. Apart from the configuration, that I would like to keep under version control, the file includes the BEAM cookie. I tryied to remove the cookie configuration as I don’t think I will need it, but then distillery complained:

==> Attention! You did not provide a cookie for the erlang distribution protocol in rel/config.exs
    For backwards compatibility, the release name will be used as a cookie, which is potentially a security risk!
    Please generate a secure cookie and use it with `set cookie: <cookie>` in rel/config.exs.
    This will be an error in a future release.

Should I keep this file out of version control or move the cookie somewhere else (another configuration file or environment variable)?


One approach is to use System.get_env to pull the cookie in the config, and source control the whole file. Another approach I use is to provide your own vm.args file which uses the REPLACE_OS_VARS feature to inject the cookie at runtime.

1 Like

Although I’m not sure I understand the 2nd suggestion, it seems that in both you keep the rel/config.exs under source control.
I will do the same and keep the cookie somewhere else.
Thanks for the answer!